kb1
Collaborator

So for some reason identity logging on mgmt server does not work

So we have Identity Awareness enabled on our gateway, identity logging is enabled on the management server, and the goal is to display usernames in the logs in SmartConsole, and it does not work. Upon using the following command on both the gateway and the mgmt server:

adlog l query ip "ip of dc"

We have 3 DCs configured in our LDAP Account Unit, and I typed all 3 IPs, and for all 3 IPs it shows:

there's no data for given ip

So what does that mean? And Mobile Access works fine on the same security gateway where Identity Awareness is enabled, which means it can query one of those 3 IPs (don't remember exactly which IP it is out of those 3) and can show usernames (in the Mobile Access policy in SmartDashboard I can select usernames easily and apply them to rules, and we already have rules applied with usernames), so why can't it show the usernames in the logs in SmartConsole?

Thank You.

5 Replies
PhoneBoy
Admin

Is Remote Access one of the identity sources enabled for Identity Awareness?
It's not enabled by default.
Also what version/JHF level?

kb1
Collaborator

So I ran cpinfo -y all on the gateway:

This is Check Point CPinfo Build 914000202 for GAIA
[IDA]
No hotfixes..

[CPFC]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118

[MGMT]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118

[FW1]
HOTFIX_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118

FW1 build number:
This is Check Point's software version R80.20 - Build 163
kernel: R80.20 - Build 151

[SecurePlatform]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118

[CPinfo]
No hotfixes..

[PPACK]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118

[DIAG]
No hotfixes..

[CVPN]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 118

[CPUpdates]
BUNDLE_MAAS_TUNNEL_AUTOUPDATE Take: 25
BUNDLE_INFRA_AUTOUPDATE Take: 34
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 17
BUNDLE_R80_20_JUMBO_HF_MAIN Take: 118

[CPDepInst]
No hotfixes..

[AutoUpdater]
No hotfixes..

 

On the mgmt server:

This is Check Point CPinfo Build 914000196 for GAIA
Local host is not a Gateway
[CPFC]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 161

[IDA]
No hotfixes..

[MGMT]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 161

[FW1]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 161

FW1 build number:
This is Check Point Security Management Server R80.20 - Build 035
This is Check Point's software version R80.20 - Build 254

[SecurePlatform]
HOTFIX_GOGO_LT_HALO_JHF Take: 161

[CPinfo]
No hotfixes..

[DIAG]
No hotfixes..

[SmartLog]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 161

[Reporting Module]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 161

[CPuepm]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 161

[VSEC]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 161

[R7520CMP]
No hotfixes..

[R7540CMP]
No hotfixes..

[R76CMP]
HOTFIX_R80_20_JHF_COMP Take: 161

[SFWR77CMP]
No hotfixes..

[R77CMP]
HOTFIX_R80_20_JHF_COMP Take: 161

[R75CMP]
No hotfixes..

[NGXCMP]
No hotfixes..

[EdgeCmp]
No hotfixes..

[SFWCMP]
No hotfixes..

[FLICMP]
No hotfixes..

[SFWR75CMP]
No hotfixes..

[CPUpdates]
BUNDLE_INFRA_AUTOUPDATE Take: 34
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 17
BUNDLE_R80_20_JUMBO_HF_MAIN_gogoKernel Take: 161

[CPDepInst]
No hotfixes..

[AutoUpdater]
No hotfixes..

[MGMTAPI]
No hotfixes..

And regarding Remote Access, I don't remember if I enabled that when I initially configured Identity Awareness. Is there a way to check that?

And my issue is AD usernames not being shown in SmartLog in SmartConsole, so how is Remote Access related to that?

PhoneBoy
Admin

If the users are logging in via Remote Access, it is very much relevant that they be included in the IDA configuration.

Screen Shot 2020-09-27 at 9.09.47 PM.png

In general, I'd start with the troubleshooting steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

Adi_Babai
Employee

Hi,

Can you please provide us more details on the configuration?

Which Identity Source is used? (Remote Access/IDC/AD Query/...). What is configured in the policy?

Thanks,

Adi

kb1
Collaborator

So the problem is not with the Identity Awareness of the gateway itself. I should have been more clear about the issue, but the main issue is with the identity logging on the management server. Identity Awareness on the gateway works fine and I can see usernames in SmartLog for users logging into the AD portal of the gateway. What I cannot see is normal users logging into their Windows workstations (so referring to identity logging of the mgmt server), that is, their usernames cannot be seen. I just want identity logging to work properly.
